package com.leemon.mall.common.xss;

import org.jsoup.Jsoup;
import org.jsoup.nodes.Document;
import org.jsoup.safety.Whitelist;

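/**
 * Utility class that removes disallowed HTML tags and attributes from user-supplied rich text,
 * using Jsoup's whitelist-based cleaner as the XSS defence.
 *
 * <p>The result is only meant to be embedded as HTML body content. It is not an escaping
 * routine for HTML attribute values, JavaScript, CSS or URL contexts; those need their own
 * context-specific encoding.
 *
 * @author limenglong
 * @create 2019-09-05 18:54
 * @desc XSS illegal-tag filtering utility, built on Jsoup's XSS protection
 */
public class XssUtil {

    // Whitelist: Jsoup's "relaxed" tag set, plus the style attribute on every tag, because the
    // rich-text editor expresses some formatting inline (for example style="color:green").
    //
    // NOTE(review): Jsoup filters by tag and attribute NAME and by URL protocol; it does not
    // parse CSS. Whatever is placed in a style value is passed through unchanged, so
    // url(...) references to external hosts and layout properties such as position/z-index
    // (content overlaying the surrounding page) are not filtered here. If only a few
    // properties are needed, restrict style to the tags that need it and validate the
    // declarations with a CSS-aware sanitizer, or mitigate with a Content-Security-Policy.
    private static final Whitelist WHITELIST = Whitelist.relaxed().addAttributes(":all", "style");

    // Output settings: pretty-printing is disabled so the cleaned markup is not re-indented.
    private static final Document.OutputSettings OUTPUT_SETTINGS =
            new Document.OutputSettings().prettyPrint(false);

    /**
     * Cleans an HTML fragment, keeping only the tags and attributes allowed by the whitelist.
     *
     * <p>The base URI passed to Jsoup is empty, so relative URLs cannot be resolved to an
     * absolute form; attributes whose URL cannot be matched against an allowed protocol are
     * removed by the cleaner.
     *
     * @param content the untrusted HTML fragment; may be {@code null}
     * @return the cleaned HTML, or {@code null} when {@code content} is {@code null}
     */
    public static String clean(String content) {
        // An absent request parameter arrives as null; pass it through instead of letting
        // the parser fail on it.
        if (content == null) {
            return null;
        }
        return Jsoup.clean(content, "", WHITELIST, OUTPUT_SETTINGS);
    }
}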
